Bitcoin prices plummet on hacked exchange

A security breach at the leading Bitcoin exchange caused the currency's price …

The Bitcoin community faced another crisis on Sunday afternoon as the price of the currency on the most popular exchange, Mt.Gox, fell from $17 to pennies in a matter of minutes. Trading was quickly suspended and visitors to the home page were redirected to a statement blaming the crash on a compromised user account. Mt.Gox's Mark Karpeles said that the exchange would be taken offline to give administrators time to roll back the suspect transactions.

The extent of the compromise became clear when a copy of Mt.Gox's user database began circulating online. The file included username, email addres, and hashed password for thousands of Mt.Gox users. Karpeles's statement was updated to acknowledge the breach. He warned users who have re-used the Mt.Gox passwords on other sites to change them.

The crash appears to be the fault of the Mt.Gox exchange rather than a collapse in the value of the currency itself, as the integrity of Bitcoin's underlying peer-to-peer transaction clearing process does not appear to have been compromised. Prices at a competing exchange showed Bitcoins trading down about 25 percent to $13 per Bitcoin earlier today, although it has edged up since.

It's been a bad weekend for Mt.Gox, which until now has been the most popular method for converting between Bitcoins and more conventional currencies. Earlier in the weekend, it was reported that the site was vulnerable to a cross-site request forgery in which a logged-in user could be tricked into submitting fraudulent transaction requests. On Sunday, dozens of irate Bitcoin users pledged to stop using the exchange, arguing that the site's administrators lacked the technical sophistication to build a secure and reliable currency exchange.

But Bitcoin users have few alternatives if they wish to convert their Bitcoins into more stable commodities. A recently-launched competitor, called TradeHill, has capitalized on Mt.Gox's troubles by encouraging members of the Bitcoin community to use their exchange instead. But the site is so new that no one knows if its administrators have the resources or technical expertise to avoid the security and reliability problems that have plagued Mt.Gox.

It's been a wild couple of months for Bitcoin traders. Between April and June, the currency rose from a dollar to more than $30. This month, it fell back to $10 and rose again to $20. It was at $17 at the beginning of this weekend before a string of bad news pushed it down again.

Theoretically, this weekend's developments shouldn't damage Bitcoin's long-term value, since the security model of the underlying currency remains uncompromised. But Bitcoin is a fiat currency; its value ultimately depends on nothing more than public confidence. If the recent string of Bitcoin-related security woes convinces more Bitcoin users to cash out, the currency's value could continue to fall.

"Trading real currency I can use anywhere for currency that I can't physically hold and is only accepted at a handful of retailers for what benefit?"

The same could have been said about credit cards at one point. Most money does not even exist in a physical form you can hold. The difference it simply who is backing its value, and what forces control the exchange rate. Standard currency has some measure of guidance, and the confidence in its backing government. Bitcoins value are defined by the market and the algorithms, and the confidence of it is only in its software and security.

To be fair, it's always the early adopters that get screwed. Bitcoin is an interesting experiment, and I doubt this is the death knell, but nobody with any sense would consider any money spent on it as anything vaguely resembling investment. It's more like gambling or just spent and gone.

"Trading real currency I can use anywhere for currency that I can't physically hold and is only accepted at a handful of retailers for what benefit?"

The same could have been said about credit cards at one point. Most money does not even exist in a physical form you can hold. The difference it simply who is backing its value, and what forces control the exchange rate. Standard currency has some measure of guidance, and the confidence in its backing government. Bitcoins value are defined by the market and the algorithms, and the confidence of it is only in its software and security.

To be fair, it's always the early adopters that get screwed. Bitcoin is an interesting experiment, and I doubt this is the death knell, but nobody with any sense would consider any money spent on it as anything vaguely resembling investment. It's more like gambling or just spent and gone.

No, credit cards always gave credit in real currency and the debt is entitled to all the usual legal protections, as are the consumers against stolen identities and false charges.

Trade Hill has suspended accounts today. "Because of the possibility that our users may have used the same password on multiple exchanges, we will be halting the ability to trade or withdraw funds for a few hours."I think digital currency will eventually become really important, but incidents like this are devastating, because customers' faith in security is paramount, more important than the actual safety of accounts!Describing Bitcoin as a fiat currency is confusing because Bitcoin is not legal tender. While it is not exactly a commodity, perhaps it can best be described as a banknote?

Bitcoin is in its infancy, and details like this show it quite clearly. It's no different than the establishment of any new currency base. The US dollar had issues at first, as did the Euro (remember all the hullabaloo over the euro when it first arrived?!) , as did just about every other currency ever issued.

In some ways these things are necessary for Bitcoin to be subjected to. This incident helped to show the security weaknesses involved with decentralized exchanges. With no backing authority or regulation, Bitcoin is entirely dependent on the good graces of its user base. Only time will tell if it will end up a success or a rampant failure.

Now, where can I get some Bitcoin exchanged into my local currency, chickens?

So, a devaluation with a purpose is worse than the constant devaluation over time from advances in GPU technologies that speed up Bitcoin mining?

You realize that the latter will cause a form of rampant inflation after awhile that will render the currency unusable?

I doubt you do, since it seems most of Bitcoin's users find it more important to assert their misguided anti-social ideals than be faced with the realization of long term failure.

You seem to know nothing about bitcoin. Bitcoins are limited in supply by design. There will never be more than roughly 21 million bitcoins and the rate of supply is predetermined and decreasing over time.

Hrm. I have not heard anything concerning Bitcoin until the write-up, what, a few weeks ago? Now there is rather unsophisticated malware and a previously substantial heist (substantial until the value dropped roughly 99.8%) in the news. Is this just coincidence or did the sudden media coverage draw the interest of those who tend to trend towards these activities?

p.s. Not conspiracy theorying, just wondering if there is any sort of cause and effect or just serendipitous timing.

Edit: Just saw the other exchange was lower, but not pennies. Sorry I missed that

Got through the whole article. No mention of what Bitcoin is. Really? We're just supposed to know what a service nobody has ever heard of does?

Apparently only Bitcoin users know what exactly Bitcoin is. They explain it as some sort of digital currency and the rest of the explanation makes absolutely no sense. It sometimes sound like a combined pyramid/ponzi scheme. This may be something for the tinfoil hat wearing crowd only.

The vulnerability doesn't seem to be limited to Bitcoin per se. If the site allows the posting of "real" requests to be performed on behalf of a logged in user it could happen whatever the underlying currency is.

Got through the whole article. No mention of what Bitcoin is. Really? We're just supposed to know what a service nobody has ever heard of does?

I expect that the previous two articles in the past week on Ars about the Bitcoin issues should have been enough to educate people on what Bitcoins are. They shouldn't have to repeat the same foundational information every time.

Apparently only Bitcoin users know what exactly Bitcoin is. They explain it as some sort of digital currency and the rest of the explanation makes absolutely no sense. It sometimes sound like a combined pyramid/ponzi scheme. This may be something for the tinfoil hat wearing crowd only.

Got through the whole article. No mention of what Bitcoin is. Really? We're just supposed to know what a service nobody has ever heard of does?

I expect that the previous two articles in the past week on Ars about the Bitcoin issues should have been enough to educate people on what Bitcoins are. They shouldn't have to repeat the same foundational information every time.

Nevertheless I agree with the comment. Either Ars should have an automatic list of related articles, like other blogs or news sites do, based on keywords, or it would be great for usability to add a list of related articles. You can't expect everybody to read every Ars article, especially if they spread over 2 weeks or if people were not Ars readers before and just got a link to this specific article.

Apparently only Bitcoin users know what exactly Bitcoin is. They explain it as some sort of digital currency and the rest of the explanation makes absolutely no sense. It sometimes sound like a combined pyramid/ponzi scheme. This may be something for the tinfoil hat wearing crowd only.

So, a devaluation with a purpose is worse than the constant devaluation over time from advances in GPU technologies that speed up Bitcoin mining?

Thats not how bitcoin mining works. The difficulty of solving each solution is adjusted in proportion to how quickly the previous solution was found. So over time advanced in GPU technology just result in more difficult thresholds being required of future solutions. Furthermore, each interval returns a smaller number of bitcoins, so in fact the entire currency should deflate over time assuming people keep using it.

FWIW price stability with bitcoins is likely to be a long term problem. Since the supply doesn't keep up with economic growth, you have a pretty strong incentive to hold onto bitcoins, since in the future you know they'll be worth more hard currency. Of course, since the purpose of bitcoins isn't to replace other currencies, but rather to supplement them, I'm not sure how much that really matters.

I've briefly read about 3 articles on this story and I'm surprised that no one (from what I've skimmed) has pointed out that this could have been the work of the credit card companies. They're trying to take out the competition and they don't even have to do a particularly good job at the hack, just make it ugly enough to erode the confidence in the Bitcoin system.

Is it weird that within the space of a couple weeks I went from hearing about Bitcoin for the first time, to hearing that it was hacked, then to hearing it was all over. Product cycles going faster than ever.

Got through the whole article. No mention of what Bitcoin is. Really? We're just supposed to know what a service nobody has ever heard of does?

I expect that the previous two articles in the past week on Ars about the Bitcoin issues should have been enough to educate people on what Bitcoins are. They shouldn't have to repeat the same foundational information every time.

Nevertheless I agree with the comment. Either Ars should have an automatic list of related articles, like other blogs or news sites do, based on keywords, or it would be great for usability to add a list of related articles. You can't expect everybody to read every Ars article, especially if they spread over 2 weeks or if people were not Ars readers before and just got a link to this specific article.

I've briefly read about 3 articles on this story and I'm surprised that no one (from what I've skimmed) has pointed out that this could have been the work of the credit card companies. They're trying to take out the competition and they don't even have to do a particularly good job at the hack, just make it ugly enough to erode the confidence in the Bitcoin system.

You went straight from "could have" to "They're" (They are). Even if they could have, it doesn't mean that they did. They could have a motive, but that doesn't mean that they had the means, or that they actually did it. That is how conspiracy theories start.

Other then a motive you just thought up, do you have ANY reason at all to suspect the "credit card companies". I'd like to point out that there are no underground meetings where all the credit card companies aren't competitors and they all pull together to work their nefarious schemes.

Let me put forward a more likely suggestion: this is the work of Lulzsec, Anon, or any one of their people who thought "let me just try something... holy crap, it worked!" Similar to inputting the Konami Code on an ATM and having it spit out $100 dollar bills.

Shit happens. I love the concept of bitcoins, and I've been following it fairly closely, though the core principles elude me atm. Bitcoins are absolute freedom, and demand absolute responsibility. Nobody is going to run to the rescue if you screwup, but in return, you get complete control of your money. People will get burned, especially early on, but that's the way it goes. The rest will get stronger, and users will learn over time.

Are the 'proof-of-work' that bitcoins do useless work or is it something useful?

Useless work.

LetterRip wrote:

If it is useless can something useful substitute for it - ie could solving protein folding; doing climate simulations etc. be utilized instead?

In practice that would mean betting the future of your money on no one figuring out a better algorithm to solve those problems. Not all that appealing. Instead they've basically just chosen a simple brute force search problem, since you can do that basically forever and no one will ever find a way to cheat unless we're very wrong about the nature of reality.

People have been claiming they've gotten their Mt Gox accounts have been hacked and money stolen for several days now. The owner of the site claims it must be their fault, even when they had strong passwords and well-secured computers. A couple of days before this database was released publicly, someone was trying to shop it around for cash. The site owner claimed it was all made up and there was no way anyone could get their hands on his user database.

Oh, and the official Bitcoin forums have found a sure-fire way of preventing loss of confidence: deleting threads. The initial thread about this hack disappeared, and so have any threads since that were too negative. This is not reassuring.

I've briefly read about 3 articles on this story and I'm surprised that no one (from what I've skimmed) has pointed out that this could have been the work of the credit card companies. They're trying to take out the competition and they don't even have to do a particularly good job at the hack, just make it ugly enough to erode the confidence in the Bitcoin system.

I'm sure they're just shaking in their boots about a system that has barely any recognition in the geek community and a handful of retailers.

Timothy B. Lee / Timothy covers tech policy for Ars, with a particular focus on patent and copyright law, privacy, free speech, and open government. His writing has appeared in Slate, Reason, Wired, and the New York Times.